0a8e77e949
- Moved everything from ideas/passepartout/ to projects/passepartout/ - Moved legal structures to projects/flags/ - Created missing _index.org files for all subdirectories - Stripped redundant passepartout- prefix from filenames - Rewrote root _index.org as generalized brain index (projects + concepts) - Updated Hugo nav to Projects/Concepts - Updated build script section descriptions - Deleted stale ideas/passepartout-economics.md orphan
1.5 KiB
APPI (Act on the Protection of Personal Information — Japan)
Japan's comprehensive privacy law (amended 2022, fully effective 2023). Applies to any business handling personal information of Japanese residents. Key requirements: consent, purpose specification, data retention limits, cross-border transfer restrictions (opt-in required), mandatory breach reporting, data subject access/deletion rights, pseudonymized/anonymized data provisions. Personal Information Protection Commission (PPC) enforces.
Penalties: Up to 100M JPY (~$700K) for violations; criminal penalties up to 1 year imprisonment. Orders to suspend data processing or delete data.
Who must comply: All businesses handling personal information of Japanese residents. Extraterritorial — applies to non-Japanese businesses targeting Japanese residents.
Why it matters: APPI's cross-border transfer restrictions require fine-grained control over which data leaves Japan. The gate stack can encode "this data has APPI cross-border consent flag = false → block egress." First-mover advantage is moderate — few non-Japanese vendors target APPI specifically, and the 2022 report. First-mover advantage is moderate — few non-Japanese vendors target APPI specifically, and the 2022 amendments created a market for dedicated APPI tooling.
Part of the compliance framework index.